Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: yahoo redirects.

  1. #1
    Junior Member
    Join Date
    Jul 2011
    Posts
    10

    Default yahoo redirects.

    Alright, haven't seen if its hitting google too, but from everything I've seen it's on most redirects.

    Ran the most current S and D, it popped up with win32.palevo which seems to be coming back again and again. but may not be the problem since after removing it, still having the problem. Also had opachki.ru but that seems to be gone.

    Ran TDSSkiller too. which found nothing.

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Mike at 10:38:39 on 2011-07-12
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2699 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Users\Mike\AppData\Local\Temp\csrss.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Users\Mike\AppData\Roaming\Microsoft\conhost.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Mike\AppData\Roaming\dwm.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:55455
    uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
    mWinlogon: Userinit=userinit.exe
    uWinlogon: Shell=explorer.exe,
    uWindows: Load=C:\Users\Mike\AppData\Local\Temp\csrss.exe
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110709120721.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
    TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [conhost] C:\Users\Mike\AppData\Roaming\Microsoft\conhost.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRunOnce: [Spybot - Search & Destroy] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{BE894BED-1207-4262-9865-C0A6E3ED1784} : DhcpNameServer = 192.168.1.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110709120721.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    TB-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll
    TB-X64: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRunOnce-x64: [Spybot - Search & Destroy] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101231.001\IDSviA64.sys [2010-12-31 476792]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-9 355440]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-9 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-9 355440]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-9 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-7-9 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-7-9 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-26 2218600]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-9-19 635416]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-9-3 444224]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-22 953904]
    S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-12 14:22:56 201216 ----a-w- C:\Users\Mike\AppData\Roaming\dwm.exe
    2011-07-12 12:29:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-07-12 12:29:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-07-11 21:19:28 310272 ----a-w- C:\Users\Mike\AppData\Roaming\Microsoft\conhost.exe
    2011-07-09 16:06:48 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2011-07-09 15:57:16 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2011-07-09 15:57:08 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2011-07-09 15:56:31 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2011-07-09 15:56:31 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2011-07-09 15:56:31 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2011-07-09 15:56:31 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2011-07-09 15:56:31 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2011-07-09 15:40:58 158832 ----a-w- C:\Windows\System32\mfevtps.exe
    2011-07-09 15:40:21 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C58B001-E295-4A04-8EB4-B400A25E488C}\mpengine.dll
    2011-07-08 22:15:00 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2011-07-08 22:14:13 -------- d-----w- C:\Program Files\McAfee.com
    2011-07-08 22:14:13 -------- d-----w- C:\Program Files\McAfee
    2011-07-08 22:14:13 -------- d-----w- C:\Program Files\Common Files\McAfee
    2011-07-08 22:14:11 -------- d-----w- C:\Program Files (x86)\McAfee
    2011-07-08 07:33:50 -------- d-----w- C:\270091a133c9c244b6fdba70a0172f27
    2011-07-04 07:33:41 -------- d-----w- C:\71755c1a7a0aa12e40fb
    .
    ==================== Find3M ====================
    .
    2011-05-15 06:33:32 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-05-07 05:02:46 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 10:39:38.83 ===============

  2. #2
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,169

    Default

    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
    Hi and welcome to Safer Networking.

    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
    • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    Windows 7 Advice:

    All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

    The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

    Before we start:

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Next:

    Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

    Spybot - Search & Destroy <-- Will hinder the Malware Removal process, you may reinstall when I give the all clear.
    Java(TM) 6 Update 21 <-- We will update this in due course.
    Zynga Toolbar <-- Has undesirable characteristics.

    To do so click once on each of the above and click on Uninstall/Change and follow the prompts.

    Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

    Scan with OTL:

    Please download OTL and save it to your Desktop.

    Alternate downloads are here and here.
    • Right-click on OTL.exe and select Run as Administrator to start OTL.
    • Ensure Include 64bit Scans is selected.
    • Under Output, ensure that Minimal Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.
    When completed the above, please post back the following in the order asked for:
    • How is your computer performing now, any further symptoms and or problems encountered?
    • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Junior Member
    Join Date
    Jul 2011
    Posts
    10

    Default

    Alright, got that unistalled and whatnot.
    Actually managed to get rid of the malware once... Now it popped back up this morning, same files, same problem..
    It's sitting in appdata\roaming under the name DWM,and is written into the registry, in several spots..

    OTL logfile created on: 7/20/2011 6:19:36 AM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 65.78% Memory free
    8.00 Gb Paging File | 6.11 Gb Available in Paging File | 76.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.46 Gb Total Space | 561.01 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
    Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
    Drive E: | 365.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MIKE-HP | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Mike\AppData\Local\Temp\csrss.exe ()
    PRC - C:\Users\Mike\AppData\Roaming\dwm.exe ()
    PRC - C:\Users\Mike\AppData\Local\Temp\tmph754402334323179252.tmp (Slows Print)
    PRC - C:\Users\Mike\AppData\Local\Temp\tmph6193933549803906614.tmp ()
    PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    PRC - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
    MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
    SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    SRV - (RosettaStoneDaemon) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
    DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
    DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
    DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
    DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys (Symantec Corporation)
    DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
    DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys (Symantec Corporation)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys (Symantec Corporation)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110105.003\EX64.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110105.003\ENG64.SYS (Symantec Corporation)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101231.001\IDSviA64.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59717

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59717



    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59717

    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/07/09 11:37:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn\ [2011/07/09 11:37:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/15 03:01:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/15 03:01:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/07/11 16:19:51 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/07/12 19:34:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110709120721.dll (McAfee, Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110709120721.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000..\Run: [973126433] C:\Users\Mike\AppData\Local\Temp\tmph6193933549803906614.tmp ()
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000..\Run: [conhost] C:\Users\Mike\AppData\Roaming\Microsoft\conhost.exe (Slows Print)
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003..\RunOnce: [mctadmin] File not found
    F3:64bit: - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 WinNT: Load - (C:\Users\Mike\AppData\Local\Temp\csrss.exe) - C:\Users\Mike\AppData\Local\Temp\csrss.exe ()
    F3 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 WinNT: Load - (C:\Users\Mike\AppData\Local\Temp\csrss.exe) - C:\Users\Mike\AppData\Local\Temp\csrss.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 Winlogon: Shell - (C:\Users\Mike\AppData\Roaming\dwm.exe) - C:\Users\Mike\AppData\Roaming\dwm.exe ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/25 06:27:12 | 000,000,016 | R--- | M] () - E:\AUTOPLAY.BAT -- [ CDFS ]
    O32 - AutoRun File - [2008/02/25 06:27:28 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/20 06:12:44 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    [2011/07/17 16:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/07/12 19:39:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/07/12 19:35:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/07/12 19:23:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/07/12 19:23:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/07/12 19:23:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/07/12 19:23:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/07/12 19:23:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/07/12 19:22:59 | 004,149,767 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
    [2011/07/12 19:21:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/12 19:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2011/07/12 19:17:19 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
    [2011/07/12 18:46:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Macromedia
    [2011/07/12 10:05:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\tdsskiller[1]
    [2011/07/12 08:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/07/12 08:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011/07/09 12:06:48 | 000,283,744 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
    [2011/07/09 11:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
    [2011/07/09 11:57:08 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
    [2011/07/09 11:56:31 | 000,441,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
    [2011/07/09 11:56:31 | 000,190,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
    [2011/07/09 11:56:31 | 000,094,992 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
    [2011/07/09 11:56:31 | 000,075,160 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
    [2011/07/09 11:56:31 | 000,063,056 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
    [2011/07/09 11:40:58 | 000,158,832 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2011/07/08 18:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
    [2011/07/08 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2011/07/08 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2011/07/08 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2011/07/08 18:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
    [2011/07/08 18:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2011/07/08 03:33:50 | 000,000,000 | ---D | C] -- C:\270091a133c9c244b6fdba70a0172f27
    [2011/07/04 03:33:41 | 000,000,000 | ---D | C] -- C:\71755c1a7a0aa12e40fb
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/20 06:13:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    [2011/07/20 06:06:47 | 000,009,054 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\2C24.4D7
    [2011/07/19 22:14:42 | 000,177,664 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\dwm.exe
    [2011/07/17 16:05:55 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    [2011/07/17 12:16:51 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMike.job
    [2011/07/17 10:23:04 | 000,001,854 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\GhostObjGAFix.xml
    [2011/07/16 15:44:16 | 000,000,632 | RHS- | M] () -- C:\Users\Mike\ntuser.pol
    [2011/07/15 21:48:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/15 21:48:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/15 21:41:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/15 21:41:16 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/12 19:34:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/07/12 19:23:21 | 004,149,767 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
    [2011/07/12 18:52:42 | 000,000,000 | ---- | M] () -- C:\Users\Mike\Desktop\RKUnhookerLE.EXE
    [2011/07/12 10:40:54 | 000,003,094 | ---- | M] () -- C:\Users\Mike\Desktop\Attach.zip
    [2011/07/12 10:38:25 | 000,000,000 | ---- | M] () -- C:\Users\Mike\Desktop\dds.scr
    [2011/07/12 09:42:36 | 000,435,740 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110712-103528.backup
    [2011/07/09 12:07:08 | 001,385,928 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
    [2011/07/09 12:05:02 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/07/09 12:05:02 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/07/09 12:05:02 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/19 22:14:42 | 000,177,664 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\dwm.exe
    [2011/07/18 13:19:02 | 000,009,054 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\2C24.4D7
    [2011/07/17 10:23:04 | 000,001,854 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\GhostObjGAFix.xml
    [2011/07/16 15:44:16 | 000,000,632 | RHS- | C] () -- C:\Users\Mike\ntuser.pol
    [2011/07/12 19:23:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/07/12 19:23:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/07/12 19:23:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/07/12 19:23:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/07/12 19:23:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/07/12 18:52:37 | 000,000,000 | ---- | C] () -- C:\Users\Mike\Desktop\RKUnhookerLE.EXE
    [2011/07/12 10:40:54 | 000,003,094 | ---- | C] () -- C:\Users\Mike\Desktop\Attach.zip
    [2011/07/12 10:38:12 | 000,000,000 | ---- | C] () -- C:\Users\Mike\Desktop\dds.scr
    [2011/07/09 11:57:47 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    [2011/05/31 07:35:29 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/25 21:11:14 | 000,007,597 | ---- | C] () -- C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
    [2011/03/13 18:33:45 | 000,084,332 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2010/12/20 18:07:58 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/09/19 16:25:05 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/09/19 15:38:19 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2010/09/19 15:28:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

    < End of report >

  4. #4
    Junior Member
    Join Date
    Jul 2011
    Posts
    10

    Default

    OTL Extras logfile created on: 7/20/2011 6:19:36 AM - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 65.78% Memory free
    8.00 Gb Paging File | 6.11 Gb Available in Paging File | 76.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.46 Gb Total Space | 561.01 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
    Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
    Drive E: | 365.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MIKE-HP | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
    "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
    "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
    "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
    "{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
    "{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
    "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
    "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
    "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
    "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
    "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
    "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
    "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
    "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
    "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
    "{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
    "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
    "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
    "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ESET Online Scanner" = ESET Online Scanner v3
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "MSC" = McAfee AntiVirus Plus
    "My HP Game Console" = HP Game Console
    "NIS" = Norton Internet Security
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PDF Complete" = PDF Complete Special Edition
    "Plants vs. Zombies" = Plants vs. Zombies
    "StarCraft II" = StarCraft II
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "Warcraft III" = Warcraft III
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "WT087328" = Blackhawk Striker 2
    "WT087335" = Build-a-lot 2
    "WT087342" = Dora's Carnival Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087373" = Jewel Quest 3
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087513" = Virtual Villagers - The Secret City
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "HuluDesktop" = Hulu Desktop
    "Warcraft III" = Warcraft III: All Products
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "HuluDesktop" = Hulu Desktop

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/15/2011 5:33:12 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: Alert.dll, version: 1.0.19.1, time stamp:
    0x4c03770e Exception code: 0xc0000005 Fault offset: 0x0002fd0b Faulting process id:
    0xd48 Faulting application start time: 0x01cc12cbfac4f4ea Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Program
    Files (x86)\Conduit\Community Alerts\Alert.dll Report Id: 59a7aeaf-7ed6-11e0-9896-f7874fe1af24

    Error - 5/15/2011 4:50:38 PM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: Alert.dll, version: 1.0.19.1, time stamp:
    0x4c03770e Exception code: 0xc0000005 Fault offset: 0x0002fd0b Faulting process id:
    0xffc Faulting application start time: 0x01cc133634de97eb Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Program
    Files (x86)\Conduit\Community Alerts\Alert.dll Report Id: fc7e7516-7f34-11e0-9896-f7874fe1af24

    Error - 5/16/2011 6:37:43 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: Alert.dll, version: 1.0.19.1, time stamp:
    0x4c03770e Exception code: 0xc0000005 Fault offset: 0x0002fd0b Faulting process id:
    0x11ac Faulting application start time: 0x01cc13473309d017 Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Program
    Files (x86)\Conduit\Community Alerts\Alert.dll Report Id: 874b94bb-7fa8-11e0-9896-f7874fe1af24

    Error - 5/26/2011 6:18:20 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: nvcplui.exe, version: 3.4.772.4, time stamp:
    0x4cb9da47 Faulting module name: nvgames.dll, version: 6.14.12.6099, time stamp:
    0x4cb9e915 Exception code: 0xc0000417 Fault offset: 0x00000000001478b0 Faulting process
    id: 0x20f8 Faulting application start time: 0x01cc1b8e2763b1d6 Faulting application
    path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Faulting
    module path: C:\Program Files\NVIDIA Corporation\Display\nvgames.dll Report Id:
    7a43bc51-8781-11e0-9896-f7874fe1af24

    Error - 5/26/2011 6:18:32 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: nvcplui.exe, version: 3.4.772.4, time stamp:
    0x4cb9da47 Faulting module name: nvgames.dll, version: 6.14.12.6099, time stamp:
    0x4cb9e915 Exception code: 0xc0000417 Fault offset: 0x00000000001478b0 Faulting process
    id: 0x1de4 Faulting application start time: 0x01cc1b8e423e7616 Faulting application
    path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Faulting
    module path: C:\Program Files\NVIDIA Corporation\Display\nvgames.dll Report Id:
    8167dd22-8781-11e0-9896-f7874fe1af24

    Error - 5/26/2011 6:18:55 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: nvcplui.exe, version: 3.4.772.4, time stamp:
    0x4cb9da47 Faulting module name: nvgames.dll, version: 6.14.12.6099, time stamp:
    0x4cb9e915 Exception code: 0xc0000417 Fault offset: 0x00000000001478b0 Faulting process
    id: 0x1394 Faulting application start time: 0x01cc1b8e504d96b1 Faulting application
    path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Faulting
    module path: C:\Program Files\NVIDIA Corporation\Display\nvgames.dll Report Id:
    8f4e8658-8781-11e0-9896-f7874fe1af24

    Error - 5/26/2011 6:20:07 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: nvvsvc.exe, version: 8.17.12.6099, time
    stamp: 0x4cb9e7ce Faulting module name: nvvsvc.exe, version: 8.17.12.6099, time
    stamp: 0x4cb9e7ce Exception code: 0x40000015 Fault offset: 0x000000000005fda2 Faulting
    process id: 0x1df8 Faulting application start time: 0x01cc1b8e2517bdf3 Faulting application
    path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
    Report
    Id: ba6abced-8781-11e0-9896-f7874fe1af24

    Error - 6/25/2011 9:06:08 PM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: mshtml.dll, version: 8.0.7600.16766,
    time stamp: 0x4d65eb0f Exception code: 0xc0000005 Fault offset: 0x001462a1 Faulting
    process id: 0x698 Faulting application start time: 0x01cc33946cda18ff Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\mshtml.dll Report Id: 793dc94e-9f90-11e0-9466-f0f0a3d37c0b

    Error - 7/3/2011 2:35:28 AM | Computer Name = Mike-HP | Source = VSS | ID = 8194
    Description =

    Error - 7/8/2011 5:43:04 PM | Computer Name = Mike-HP | Source = VSS | ID = 8194
    Description =

    [ Hewlett-Packard Events ]
    Error - 6/6/2011 1:10:09 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 6/12/2011 10:14:57 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description =

    Error - 6/12/2011 10:15:04 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 6/19/2011 10:40:18 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 6/26/2011 10:25:53 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/3/2011 10:54:14 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/3/2011 12:29:15 PM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/6/2011 1:10:16 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/9/2011 11:48:27 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/10/2011 10:06:15 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    [ Media Center Events ]
    Error - 6/29/2011 11:11:27 AM | Computer Name = Mike-HP | Source = Microsoft-Windows-Media Center Extender | ID = 801
    Description =

    [ System Events ]
    Error - 7/12/2011 6:03:40 PM | Computer Name = Mike-HP | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:22:38 PM on ?7/?12/?2011 was unexpected.

    Error - 7/12/2011 6:03:53 PM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7000
    Description = The Sftfs service failed to start due to the following error: %%5

    Error - 7/12/2011 6:03:53 PM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7001
    Description = The Application Virtualization Client service depends on the Sftfs
    service which failed to start because of the following error: %%5

    Error - 7/12/2011 6:03:55 PM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7001
    Description = The Client Virtualization Handler service depends on the Application
    Virtualization Client service which failed to start because of the following error:
    %%1068

    Error - 7/12/2011 6:04:00 PM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BHDrvx64 SymIRON

    Error - 7/12/2011 6:04:36 PM | Computer Name = Mike-HP | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 7/12/2011 6:04:36 PM | Computer Name = Mike-HP | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 7/12/2011 7:29:14 PM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/12/2011 7:32:45 PM | Computer Name = Mike-HP | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/12/2011 7:33:16 PM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >

  5. #5
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,169

    Default

    Hi.

    Alright, got that unistalled and whatnot.
    Actually managed to get rid of the malware once... Now it popped back up this morning, same files, same problem..
    It's sitting in appdata\roaming under the name DWM,and is written into the registry, in several spots..
    OK and thanks for the update. It appears both ComboFix and TDSSKiller have been ran in the past. Some friendly advice, not a wise move to use such without trained supervision as you may render your machine little more than a expensive doorstop. The former actually requires a specific procedure to be uninstalled correctly.

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

    • Please go here and download ERUNT.
    • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
    • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
    • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
    • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
    • Make sure that at least the first two check boxes are selected.
    • Click on OK
    • Then click on YES to create the folder.
    Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

    Mutiple Anti-Virus Advice:

    I see you have both McAfee AntiVirus Plus and Norton Internet Security installed/active in system memory. Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Plus also actually lesson overall online protection because of the aforementioned.

    My advise is choose which you wish to keep and uninstall one only. Now if say for example the subscription has ran out on Norton Internet Security, it would be prudent to uninstall this but use the removal tool below to do so:-

    Please download the Norton Removal Tool and Save it to your Desktop.

    • Close all programs and right-click on Norton_Removal_Tool.exe and select Run as Administrator.
    • Follow the on-screen instructions.
    • Restart the computer if asked.
    • Then delete Norton_Removal_Tool.exe from your desktop.

    Custom OTL Script:
    • Right-click OTL.exe and select Run as Administrator to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :OTL
    PRC - C:\Users\Mike\AppData\Roaming\dwm.exe ()
    PRC - C:\Users\Mike\AppData\Local\Temp\tmph754402334323179252.tmp (Slows Print)
    PRC - C:\Users\Mike\AppData\Local\Temp\tmph6193933549803906614.tmp ()
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59717
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59717
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59717
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000..\Run: [973126433] C:\Users\Mike\AppData\Local\Temp\tmph6193933549803906614.tmp ()
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003..\RunOnce: [mctadmin] File not found
    F3:64bit: - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 WinNT: Load - (C:\Users\Mike\AppData\Local\Temp\csrss.exe) - C:\Users\Mike\AppData\Local\Temp\csrss.exe ()
    F3 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 WinNT: Load - (C:\Users\Mike\AppData\Local\Temp\csrss.exe) - C:\Users\Mike\AppData\Local\Temp\csrss.exe ()
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    [2011/07/12 08:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/07/12 08:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011/07/08 03:33:50 | 000,000,000 | ---D | C] -- C:\270091a133c9c244b6fdba70a0172f27
    [2011/07/04 03:33:41 | 000,000,000 | ---D | C] -- C:\71755c1a7a0aa12e40fb
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/07/20 06:06:47 | 000,009,054 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\2C24.4D7
    [2011/07/19 22:14:42 | 000,177,664 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\dwm.exe
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [Purity]
    [ResetHosts]
    [EmptyFlash]
    [EmptyTemp]
    [CreateRestorePoint]
    [Reboot]
    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Next:

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
      Note: The feel trial offered for the Protection Module is optional.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post that log in your next reply.
    The log can also be found here:
    1. Launch Malwarebytes' Anti-Malware
    2. Click on the Logs radio tab.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    When completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and or problems encountered?
    • OTL Log from the Custom Script.
    • Malwarebytes Anti-Malware Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  6. #6
    Junior Member
    Join Date
    Jul 2011
    Posts
    10

    Default

    All right, did all the steps, and encountered a problem.
    After running Malware-bytes after the restart, Internet explorer couldn't connect to anything. The connection was still up because other programs could still access the net, but the browser couldn't.

    and combofixer hasn't been used since the problem came back, it did remove it the first time, but a root must have been stuck somewhere,norton was removed at one point, old system restore probably put part of it back on.
    Anyway.

    Dropped back to the OTL restore point.



    All processes killed
    ========== OTL ==========
    No active process named dwm.exe was found!
    No active process named tmph754402334323179252.tmp was found!
    No active process named tmph6193933549803906614.tmp was found!
    No active process named Program Files was found!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Microsoft\Windows\CurrentVersion\Run\\973126433 deleted successfully.
    C:\Users\Mike\AppData\Local\Temp\tmph6193933549803906614.tmp moved successfully.
    Registry key HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
    C:\Users\Mike\AppData\Local\Temp\csrss.exe moved successfully.
    64bit-Registry value HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Mike\AppData\Local\Temp\csrss.exe deleted successfully.
    File C:\Users\Mike\AppData\Local\Temp\csrss.exe not found.
    Registry value HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Mike\AppData\Local\Temp\csrss.exe deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
    C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
    C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
    C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
    C:\270091a133c9c244b6fdba70a0172f27 folder moved successfully.
    C:\71755c1a7a0aa12e40fb folder moved successfully.
    C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder deleted successfully.
    C:\Users\Mike\AppData\Roaming\2C24.4D7 moved successfully.
    C:\Users\Mike\AppData\Roaming\dwm.exe moved successfully.
    ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Mike\Desktop\cmd.bat deleted successfully.
    C:\Users\Mike\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-MIKE-HP
    ->Flash cache emptied: 2836 bytes

    User: Mike
    ->Flash cache emptied: 14322 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 41620 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-MIKE-HP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 25538789 bytes
    ->Temporary Internet Files folder emptied: 151323585 bytes
    ->Java cache emptied: 93702 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 719812 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 920384 bytes

    Total Files Cleaned = 170.00 mb

    Restore point Set: OTL Restore Point
    Error: Unable to interpret <[Reboot]Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste. > in the current context!
    Error: Unable to interpret <Then click the red Run Fix button. > in the current context!
    Error: Unable to interpret <Let the program run unhindered. > in the current context!

    OTL by OldTimer - Version 3.2.26.1 log created on 07202011_082007

    Files\Folders moved on Reboot...
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\242679PU\showthread[1].htm moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...

    Files\Folders moved on Reboot...
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
    File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\242679PU\showthread[1].htm not found!
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...

  7. #7
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,169

    Default

    Dropped back to the OTL restore point
    So basically we may be back to as before all my instructions...OK lets proceed as follows shall we.

    Re-scan with OTL:

    • Right-click on OTL.exe and select Run as Administrator to start OTL.
    • Ensure Include 64bit Scans is selected.
    • Under Output, ensure that Minimal Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  8. #8
    Junior Member
    Join Date
    Jul 2011
    Posts
    10

    Default

    OTL logfile created on: 7/20/2011 9:52:48 AM - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 71.29% Memory free
    8.00 Gb Paging File | 6.51 Gb Available in Paging File | 81.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.46 Gb Total Space | 561.31 Gb Free Space | 81.77% Space Free | Partition Type: NTFS
    Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
    Drive E: | 365.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MIKE-HP | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Mike\AppData\Local\Temp\csrss.exe ()
    PRC - C:\Users\Mike\AppData\Roaming\dwm.exe ()
    PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Mike\AppData\Roaming\Microsoft\conhost.exe (Slows Print)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    PRC - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
    MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
    SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    SRV - (RosettaStoneDaemon) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
    DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
    DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
    DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
    DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
    DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
    DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64505

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64505



    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64505

    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/15 03:01:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/15 03:01:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/07/11 16:19:51 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/07/20 09:17:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110709120721.dll (McAfee, Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110709120721.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000..\Run: [conhost] C:\Users\Mike\AppData\Roaming\Microsoft\conhost.exe (Slows Print)
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
    O4 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    F3:64bit: - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 WinNT: Load - (C:\Users\Mike\AppData\Local\Temp\csrss.exe) - C:\Users\Mike\AppData\Local\Temp\csrss.exe ()
    F3 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 WinNT: Load - (C:\Users\Mike\AppData\Local\Temp\csrss.exe) - C:\Users\Mike\AppData\Local\Temp\csrss.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-1877933171-1158465878-3935736646-1000 Winlogon: Shell - (C:\Users\Mike\AppData\Roaming\dwm.exe) - C:\Users\Mike\AppData\Roaming\dwm.exe ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/25 06:27:12 | 000,000,016 | R--- | M] () - E:\AUTOPLAY.BAT -- [ CDFS ]
    O32 - AutoRun File - [2008/02/25 06:27:28 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/20 09:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/07/20 08:27:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
    [2011/07/20 08:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/07/20 08:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/07/20 08:20:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/07/20 08:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/07/20 08:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2011/07/20 06:36:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/07/20 06:12:44 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    [2011/07/12 19:39:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/07/12 19:35:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/07/12 19:23:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/07/12 19:21:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/12 19:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2011/07/12 19:17:19 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
    [2011/07/12 18:46:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Macromedia
    [2011/07/12 10:05:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\tdsskiller[1]
    [2011/07/09 12:06:48 | 000,283,744 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
    [2011/07/09 11:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
    [2011/07/09 11:57:08 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
    [2011/07/09 11:56:31 | 000,441,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
    [2011/07/09 11:56:31 | 000,190,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
    [2011/07/09 11:56:31 | 000,094,992 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
    [2011/07/09 11:56:31 | 000,075,160 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
    [2011/07/09 11:56:31 | 000,063,056 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
    [2011/07/09 11:40:58 | 000,158,832 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2011/07/08 18:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
    [2011/07/08 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2011/07/08 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2011/07/08 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2011/07/08 18:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
    [2011/07/08 18:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

    ========== Files - Modified Within 30 Days ==========

    [2011/07/20 09:52:09 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    [2011/07/20 09:50:43 | 000,182,272 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\dwm.exe
    [2011/07/20 09:50:35 | 000,003,060 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\2C24.4D7
    [2011/07/20 09:49:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/20 09:49:48 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/20 09:47:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/20 09:47:05 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/20 09:17:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2011/07/20 08:14:17 | 000,000,930 | ---- | M] () -- C:\Users\Mike\Desktop\NTREGOPT.lnk
    [2011/07/20 08:14:17 | 000,000,911 | ---- | M] () -- C:\Users\Mike\Desktop\ERUNT.lnk
    [2011/07/20 06:34:24 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMike.job
    [2011/07/20 06:13:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    [2011/07/16 15:44:16 | 000,000,632 | RHS- | M] () -- C:\Users\Mike\ntuser.pol
    [2011/07/12 18:52:42 | 000,000,000 | ---- | M] () -- C:\Users\Mike\Desktop\RKUnhookerLE.EXE
    [2011/07/12 10:40:54 | 000,003,094 | ---- | M] () -- C:\Users\Mike\Desktop\Attach.zip
    [2011/07/12 10:38:25 | 000,000,000 | ---- | M] () -- C:\Users\Mike\Desktop\dds.scr
    [2011/07/12 09:42:36 | 000,435,740 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110712-103528.backup
    [2011/07/09 12:07:08 | 001,385,928 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
    [2011/07/09 12:05:02 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/07/09 12:05:02 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/07/09 12:05:02 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2011/07/20 09:50:43 | 000,182,272 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\dwm.exe
    [2011/07/20 09:20:03 | 000,003,060 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\2C24.4D7
    [2011/07/20 08:14:17 | 000,000,930 | ---- | C] () -- C:\Users\Mike\Desktop\NTREGOPT.lnk
    [2011/07/20 08:14:17 | 000,000,911 | ---- | C] () -- C:\Users\Mike\Desktop\ERUNT.lnk
    [2011/07/16 15:44:16 | 000,000,632 | RHS- | C] () -- C:\Users\Mike\ntuser.pol
    [2011/07/12 18:52:37 | 000,000,000 | ---- | C] () -- C:\Users\Mike\Desktop\RKUnhookerLE.EXE
    [2011/07/12 10:40:54 | 000,003,094 | ---- | C] () -- C:\Users\Mike\Desktop\Attach.zip
    [2011/07/12 10:38:12 | 000,000,000 | ---- | C] () -- C:\Users\Mike\Desktop\dds.scr
    [2011/07/09 11:57:47 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    [2011/05/31 07:35:29 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/25 21:11:14 | 000,007,597 | ---- | C] () -- C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
    [2011/03/13 18:33:45 | 000,084,332 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2010/12/20 18:07:58 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/09/19 16:25:05 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/09/19 15:38:19 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2010/09/19 15:28:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    < End of report >




    OTL Extras logfile created on: 7/20/2011 9:52:48 AM - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Mike\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 71.29% Memory free
    8.00 Gb Paging File | 6.51 Gb Available in Paging File | 81.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.46 Gb Total Space | 561.31 Gb Free Space | 81.77% Space Free | Partition Type: NTFS
    Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
    Drive E: | 365.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MIKE-HP | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
    "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
    "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
    "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
    "{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
    "{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
    "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
    "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
    "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
    "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
    "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
    "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
    "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
    "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
    "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
    "{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
    "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
    "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
    "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "MSC" = McAfee AntiVirus Plus
    "My HP Game Console" = HP Game Console
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PDF Complete" = PDF Complete Special Edition
    "Plants vs. Zombies" = Plants vs. Zombies
    "StarCraft II" = StarCraft II
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "Warcraft III" = Warcraft III
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "WT087328" = Blackhawk Striker 2
    "WT087335" = Build-a-lot 2
    "WT087342" = Dora's Carnival Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087373" = Jewel Quest 3
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087513" = Virtual Villagers - The Secret City
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "HuluDesktop" = Hulu Desktop
    "Warcraft III" = Warcraft III: All Products
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "HuluDesktop" = Hulu Desktop

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/15/2011 4:50:38 PM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: Alert.dll, version: 1.0.19.1, time stamp:
    0x4c03770e Exception code: 0xc0000005 Fault offset: 0x0002fd0b Faulting process id:
    0xffc Faulting application start time: 0x01cc133634de97eb Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Program
    Files (x86)\Conduit\Community Alerts\Alert.dll Report Id: fc7e7516-7f34-11e0-9896-f7874fe1af24

    Error - 5/16/2011 6:37:43 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: Alert.dll, version: 1.0.19.1, time stamp:
    0x4c03770e Exception code: 0xc0000005 Fault offset: 0x0002fd0b Faulting process id:
    0x11ac Faulting application start time: 0x01cc13473309d017 Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Program
    Files (x86)\Conduit\Community Alerts\Alert.dll Report Id: 874b94bb-7fa8-11e0-9896-f7874fe1af24

    Error - 5/26/2011 6:18:20 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: nvcplui.exe, version: 3.4.772.4, time stamp:
    0x4cb9da47 Faulting module name: nvgames.dll, version: 6.14.12.6099, time stamp:
    0x4cb9e915 Exception code: 0xc0000417 Fault offset: 0x00000000001478b0 Faulting process
    id: 0x20f8 Faulting application start time: 0x01cc1b8e2763b1d6 Faulting application
    path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Faulting
    module path: C:\Program Files\NVIDIA Corporation\Display\nvgames.dll Report Id:
    7a43bc51-8781-11e0-9896-f7874fe1af24

    Error - 5/26/2011 6:18:32 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: nvcplui.exe, version: 3.4.772.4, time stamp:
    0x4cb9da47 Faulting module name: nvgames.dll, version: 6.14.12.6099, time stamp:
    0x4cb9e915 Exception code: 0xc0000417 Fault offset: 0x00000000001478b0 Faulting process
    id: 0x1de4 Faulting application start time: 0x01cc1b8e423e7616 Faulting application
    path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Faulting
    module path: C:\Program Files\NVIDIA Corporation\Display\nvgames.dll Report Id:
    8167dd22-8781-11e0-9896-f7874fe1af24

    Error - 5/26/2011 6:18:55 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: nvcplui.exe, version: 3.4.772.4, time stamp:
    0x4cb9da47 Faulting module name: nvgames.dll, version: 6.14.12.6099, time stamp:
    0x4cb9e915 Exception code: 0xc0000417 Fault offset: 0x00000000001478b0 Faulting process
    id: 0x1394 Faulting application start time: 0x01cc1b8e504d96b1 Faulting application
    path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Faulting
    module path: C:\Program Files\NVIDIA Corporation\Display\nvgames.dll Report Id:
    8f4e8658-8781-11e0-9896-f7874fe1af24

    Error - 5/26/2011 6:20:07 AM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: nvvsvc.exe, version: 8.17.12.6099, time
    stamp: 0x4cb9e7ce Faulting module name: nvvsvc.exe, version: 8.17.12.6099, time
    stamp: 0x4cb9e7ce Exception code: 0x40000015 Fault offset: 0x000000000005fda2 Faulting
    process id: 0x1df8 Faulting application start time: 0x01cc1b8e2517bdf3 Faulting application
    path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
    Report
    Id: ba6abced-8781-11e0-9896-f7874fe1af24

    Error - 6/25/2011 9:06:08 PM | Computer Name = Mike-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: mshtml.dll, version: 8.0.7600.16766,
    time stamp: 0x4d65eb0f Exception code: 0xc0000005 Fault offset: 0x001462a1 Faulting
    process id: 0x698 Faulting application start time: 0x01cc33946cda18ff Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\mshtml.dll Report Id: 793dc94e-9f90-11e0-9466-f0f0a3d37c0b

    Error - 7/3/2011 2:35:28 AM | Computer Name = Mike-HP | Source = VSS | ID = 8194
    Description =

    Error - 7/8/2011 5:43:04 PM | Computer Name = Mike-HP | Source = VSS | ID = 8194
    Description =

    Error - 7/9/2011 12:10:59 PM | Computer Name = Mike-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16766 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: cf4 Start
    Time: 01cc3e51738de295 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    [ Hewlett-Packard Events ]
    Error - 6/6/2011 1:10:09 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 6/12/2011 10:14:57 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description =

    Error - 6/12/2011 10:15:04 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 6/19/2011 10:40:18 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 6/26/2011 10:25:53 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/3/2011 10:54:14 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/3/2011 12:29:15 PM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/6/2011 1:10:16 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/9/2011 11:48:27 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    Error - 7/10/2011 10:06:15 AM | Computer Name = Mike-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Access to the path 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoSI.xml' is denied. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share) at System.Xml.XmlDOMTextWriter..ctor(String
    filename, Encoding encoding) at System.Xml.XmlDocument.Save(String filename)
    at ? .? . ()

    [ Media Center Events ]
    Error - 6/29/2011 11:11:27 AM | Computer Name = Mike-HP | Source = Microsoft-Windows-Media Center Extender | ID = 801
    Description =

    [ System Events ]
    Error - 7/20/2011 8:36:06 AM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7001
    Description = The Client Virtualization Handler service depends on the Application
    Virtualization Client service which failed to start because of the following error:
    %%1068

    Error - 7/20/2011 8:36:39 AM | Computer Name = Mike-HP | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 7/20/2011 8:36:39 AM | Computer Name = Mike-HP | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 7/20/2011 8:46:00 AM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 7/20/2011 8:46:00 AM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 7/20/2011 8:48:00 AM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7000
    Description = The Sftfs service failed to start due to the following error: %%5

    Error - 7/20/2011 8:48:00 AM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7001
    Description = The Application Virtualization Client service depends on the Sftfs
    service which failed to start because of the following error: %%5

    Error - 7/20/2011 8:48:00 AM | Computer Name = Mike-HP | Source = Service Control Manager | ID = 7001
    Description = The Client Virtualization Handler service depends on the Application
    Virtualization Client service which failed to start because of the following error:
    %%1068

    Error - 7/20/2011 8:48:19 AM | Computer Name = Mike-HP | Source = WMPNetworkSvc | ID = 866314
    Description =

    Error - 7/20/2011 8:48:19 AM | Computer Name = Mike-HP | Source = WMPNetworkSvc | ID = 866314
    Description =


    < End of report >

  9. #9
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,169

    Default

    OK lets proceed as follows shall we...

    Download the following to your Desktop but do not use it yet!

    Microsoft FixIt

    Next:

    Now follow my intructions again in post #5 exactly from Backup the Registry onwards.

    Next:

    If in the event your browser looses connectivity again afterwards...

    Click on Start(Windows 7 Orb) >> Control Panel >> Internet Options >> Connections Tab >> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously. Now check if connectivity is restored.

    If still issues run the IE8 reset below...

    Reset IE8:

    • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
    • Follow the on-screen prompts.
    • You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE8.
    • Next time IE8 is launched you will be prompted to reapply settings again, this is normal.

    Note: Any add-ons will require to be reapplied after the above reset.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  10. #10
    Junior Member
    Join Date
    Jul 2011
    Posts
    10

    Default

    Alright, fixer worked


    All processes killed
    ========== OTL ==========
    No active process named dwm.exe was found!
    No active process named tmph754402334323179252.tmp was found!
    No active process named tmph6193933549803906614.tmp was found!
    No active process named Program Files was found!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1000\Software\Microsoft\Windows\CurrentVersion\Run\\973126433 not found.
    File C:\Users\Mike\AppData\Local\Temp\tmph6193933549803906614.tmp not found.
    Registry value HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
    C:\Users\Mike\AppData\Local\Temp\csrss.exe moved successfully.
    64bit-Registry value HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Mike\AppData\Local\Temp\csrss.exe deleted successfully.
    File C:\Users\Mike\AppData\Local\Temp\csrss.exe not found.
    Registry value HKEY_USERS\S-1-5-21-1877933171-1158465878-3935736646-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Mike\AppData\Local\Temp\csrss.exe deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    Folder C:\ProgramData\Spybot - Search & Destroy\ not found.
    Folder C:\Program Files (x86)\Spybot - Search & Destroy\ not found.
    Folder C:\270091a133c9c244b6fdba70a0172f27\ not found.
    Folder C:\71755c1a7a0aa12e40fb\ not found.
    File/Folder C:\Windows\*.tmp not found.
    C:\Users\Mike\AppData\Roaming\2C24.4D7 moved successfully.
    C:\Users\Mike\AppData\Roaming\dwm.exe moved successfully.
    Unable to delete ADS C:\ProgramData\Temp:5C321E34 .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Mike\Desktop\cmd.bat deleted successfully.
    C:\Users\Mike\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-MIKE-HP
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Flash cache emptied: 926 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-MIKE-HP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 336579 bytes
    ->Temporary Internet Files folder emptied: 24086163 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1824 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 23.00 mb

    Restore point Set: OTL Restore Point
    Error: Unable to interpret <[Reboot]Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste. > in the current context!
    Error: Unable to interpret <Then click the red Run Fix button. > in the current context!

    OTL by OldTimer - Version 3.2.26.1 log created on 07202011_104744

    Files\Folders moved on Reboot...
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0WP0G5Y\like[1].htm moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM0960U8\showthread[7].htm moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68GIOVYN\showthread[5].htm moved successfully.
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7210

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    7/20/2011 10:56:34 AM
    mbam-log-2011-07-20 (10-56-34).txt

    Scan type: Quick scan
    Objects scanned: 192573
    Time elapsed: 1 minute(s), 55 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 4
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    c:\Users\Mike\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 4084 -> Unloaded process successfully.
    c:\Users\Mike\AppData\Roaming\dwm.exe (Backdoor.Cycbot) -> 2788 -> Unloaded process successfully.
    c:\Users\Mike\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 1348 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Mike\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Mike\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Mike\AppData\Roaming\dwm.exe (Backdoor.Cycbot) -> Quarantined and deleted successfully.
    c:\Users\Mike\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •